<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%'>But, (excuse my ignorance) what does this have to do with break ins re 2FA? In other words, if I’m on my computer, and a reputable site (paypal, etc.) asks for the 2FA code, and I provide it, are you saying there is still a danger of becoming compromised by that? thanks denise<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Yes Denise, that is exactly what I am saying<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>For example Microsoft had a breach in their Active Directory software. So every business customer who is using that software may also be impacted. And if that customer is another software company or makes industrial machines and software, they maybe affected too. And on and on it goes until all of them apply the fixes. Does that help?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>More recently there was something with SOHO routers from Cisco and one other maker. These are small businesses that may not even know they are affected or may not have the resources to do anything. Hope that helps, Smita Desai <o:p></o:p></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal><o:p></o:p></p><p class=MsoNormal><span style='font-size:13.0pt'>Smita: in English? (sorry; newbie-ish; not understanding a lot of what you said) Are you saying that there are more and more break ins even when there IS 2FA? Thanks; denise</span> <o:p></o:p></p><p class=MsoNormal><span style='font-size:13.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Arial",sans-serif'>Far more than you would think if you subscribe to CISA vulnerabilities emails….. We only hear about the large companies, but not much about the secondary ones ….latest one was Xfinity, that if I remember correctly had to do with MoveIt – a file transfer software made by Progress Software used by many large enterprises including financial service companies. …..Same for Solar Winds…. Another example is Okta – a company that makes two factor authentication. ….</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Arial",sans-serif'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Arial",sans-serif'>Smita Desai</span><o:p></o:p></p></div></blockquote></div></div></body></html>